2.19.0 release notes

February 06, 2025

NGINX Instance Manager 2.19.0 release notes

Upgrade Paths

NGINX Instance Manager 2.19.0 supports upgrades from these previous versions:

• 2.16.0 - 2.18.1

If your NGINX Instance Manager version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

Important Note about upgrades to NGINX Instance Manager 2.19 for API Connectivity Manager (ACM) users

NGINX Instance Manager 2.19 is the first iteration of NGINX Instance Manager as a standalone product without modules such as API Connectivity Manager (which is EoS). NGINX Instance Manager now includes Security Monitoring (previously a module) as a feature under App Protect in the web interface. The Instance Manager helm charts and docker compose options include Security Monitoring also.

Instance Manager 2.19 will not be compatible or supported with EoS API Connectivity Manager. API Connectivity Manager users get support of Instance Manager up to 2.18 and upgrades to Instance Manager 2.19 will not succeed if API Connectivity Manager is installed.

What’s new

This release includes the following updates:

• NGINX Instance Manager is now a standalone product

  Starting with this release, NGINX Instance Manager is a standalone product without any dependencies from other NGINX products (NGINX Management Suite, API Connectivity Manager).

  The Security Monitoring module is now a feature of NGINX Instance Manager found in the "App Protect" section.

  If NGINX API Connectivity Manager is currently running as a module in NGINX Instance Manager or NGINX Management Suite in your environment, you will need to remove the module before upgrading to 2.19.0.

• Forward proxy support using the HTTP CONNECT method

  NGINX Instance Manager can now be configured to use the CONNECT HTTP method to request that a proxy establish a HTTP(S) tunnel to an outbound server. This covers all use-cases that require outbound access such as App Protect Signature updates, licensing and usage reporting.

  • Documentation: Configure NGINX Instance Manager to use a forward proxy

• Support for OpenShift Deployments using Helm

  Added an OpenShift flag to the Helm charts that creates a security context constraint resource to support NGINX Instance Manager in OpenShift.

  • Documentation: Deploy NGINX Instance Manager using Helm

• VM-based active-passive HA Support with keepalived

  This release includes documentation for a basic HA (High availability) setup with two nodes, for bare metal and VM based environments. This feature uses keepalived and a failover script if a primary NGINX Instance Manager node fails.

  • Documentation: Configure high availability (HA) for NGINX Instance Manager

• Added "Export" feature for templates

  We have added a new option to export templates using the NGINX Instance Manager web interface.

• Forward proxy support using the HTTP CONNECT method

  NGINX Instance Manager can now be configured to use the CONNECT HTTP method to request that a proxy establish a HTTP(S) tunnel to an outbound server. This covers all use-cases that require outbound access such as App Protect Signature updates, licensing and usage reporting.

  • Documentation: Configure NGINX Instance Manager to use a forward proxy

Changes in default behavior

This release has the following changes in default behavior:

• Prompt to specify an FQDN for NIM when generating SSL certificates during installation

  When installing, users will be prompted to enter a fully qualified domain name (FQDN) to include in the Subject Alternative Name (SAN) of the NGINX Instance Manager’s self-signed certificate generated during installation. This FQDN can serve as the server name for NGINX Instance Manager. Users can also specify this FQDN in the Installation Script

  Starting with NGINX Plus R33, usage data reporting requires validating the SSL certificate of NGINX Instance Manager via the ssl_verify directive in the mgmt block. Proper SAN configuration ensures seamless SSL verification.

• Watchdog enhancements to improve stability

  We have introduced new configurable element in nms.conf called enable_watchdog_notifications. When enabled, if any process takes longer than expected to respond the customer will get a notification in the web interface warning about the unresponsive process. Previously, a Watchdog process was stopping the process and led to configurations not applying.

• Expired unmanaged certificates are eventually removed from the web interface

  Starting in 2.19.0, remote certificates that are expired are removed from the web interface after 30 days.

Resolved issues

This release fixes the following issues. Use your browser’s search function to find the issue ID in the page.

• Error messages persist after fix (45024)
• .tgz files are not accepted in templates (45301)
• The web interface can’t display more than 100 certificates (45565)
• NGINX configuration error messages overlap outside the error window (45570)
• Syntax errors while saving template configuration (45573)

Known issues

You can find information about known issues in the Known Issues topic.